isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,725 Commits 1 Branch 0 Tags
1ae4c1bf671fc45dab3b58dec9e135ff74a299cc
Commit Graph

10725 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
9325a342b5 Go back to storing the last error file/line in sudoerserrorf(). 
This is still the best way to avoid displaying more than one error
per line.
 2021-02-08 08:00:04 -07:00
Todd C. Miller
a046e3bbb0 Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just ASAN_CFLAGS. 2021-02-08 05:27:26 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
db4ee0a903 Append to CFLAGS and LDFLAGS instead of overriding them when adding -m64. 2021-02-07 15:38:11 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
c19cb388bc Add missing return statement when NO_LEAKS is not defined. 2021-02-07 13:37:21 -07:00
Todd C. Miller
c140b5942c Remove remnants of liblogsrv. 2021-02-07 08:58:41 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
38f1e55cdc Sync ignore files. 2021-02-06 16:42:07 -07:00
Todd C. Miller
a3dae6f2c9 Fix linking of sudoers fuzzers with static libsudo_util. 2021-02-06 16:25:50 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
7a2a211dfc Replace --enable-asan with --enable-sanitizer 
It is not possible to set the sanitizer flags at configure time.
 2021-02-06 12:42:11 -07:00
Todd C. Miller
4480e26972 Build (but don't run) fuzzers as part of "make check". 
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
 2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d Add libsudo_eventlog.la as a dependency of libsudo_iolog.la 
No longer need to link against libsudo_eventlog.la in sudoers.
 2021-02-06 08:36:01 -07:00
Anton Bershanskiy
fecb68617d Fix comment typo in src/copy_file.c 2021-02-06 12:23:31 -07:00
Todd C. Miller
1c02c14c35 Add more test files for fuzzers. 2021-02-05 19:30:00 -07:00
Daniel Milnes
d51c49789e Fix the typo in the mdoc 2021-02-05 16:03:55 -07:00
Daniel Milnes
2b2e5d0c40 Fix a tiny typo in the Sudo manpage 2021-02-05 16:03:55 -07:00
Todd C. Miller
5c2a21350d fuzzer for I/O log timing files 2021-02-04 19:22:15 -07:00
Todd C. Miller
47f08e986f In JSON, name/value pairs must be separated by a comma. 
Previously we didn't require the comma to be there.
 2021-02-04 18:01:53 -07:00
Todd C. Miller
92cf172eda Detect integer overflow when converting JSON_ARRAY to string vector. 
Extremely unlikely to happen but better safe than sorry.
 2021-02-04 16:10:35 -07:00
Todd C. Miller
665f8d2e3e Only strip double quotes from an include path if len >= 2. 
Found locally using libfuzzer/oss-fuzz.
 2021-02-03 16:50:04 -07:00
Todd C. Miller
e675f4c078 Don't allow the sudoers fuzzer to open include files. 
If we allow the fuzzer to choose include paths it will include
random files in the file system.  This leads to bug reports that
cannot be reproduced.
 2021-02-03 15:20:54 -07:00
Todd C. Miller
f5fc5d6417 If getdelim() returns a string with embedded NULs, truncate on first one. 
This should avoid some issues with the fuzzer.
 2021-02-03 15:13:18 -07:00
Todd C. Miller
10e37223b5 Reallocate the buffer correctly when appending a newline. 
Fixes a potential buffer overflow introduced in the last commit.
 2021-02-03 15:13:03 -07:00
Todd C. Miller
b4cabdb394 Don't free the alias name in alias_add() if the alias already exists. 
We need to be able to display it using alias_error().
Only free what we actually allocated in alias_add() on error and
let the caller handle cleanup.  Note that we cannot completely fill
in the alias until it is inserted.  Otherwise, we will have modified
the file and members parameters even if there was an error.
As a result, we have to remove those from the leak list after
alias_add(), not before.
 2021-02-03 14:17:37 -07:00
Todd C. Miller
884b2fb86b Fix NUL termination when parsing a sudoers file with no ending newline. 
oss-fuzz issue #30252
 2021-02-03 13:49:21 -07:00
Todd C. Miller
077c9b0c74 sudoersrestart() does not reset state to INITIAL, do it in init_lexer(). 
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
 2021-02-03 13:00:09 -07:00
Todd C. Miller
63a63680b6 Push lexer leak tracking down into check_fill.c. 
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to be more readable.
 2021-02-03 12:57:04 -07:00
Todd C. Miller
3237a18ee3 Use sudoersrestart() in fuzz_sudoers.c 
Since we run the parser multiple times we need to restart it each time.
 2021-02-03 12:52:15 -07:00
Todd C. Miller
e66b132d76 Parser needs user_shost for the %h escape in @include expansion. 
Fixes oss-fuzz issue #30238
 2021-02-03 08:56:32 -07:00
Todd C. Miller
bde4411867 The --disable-leaks option is not recommended for production use. 2021-02-03 07:57:10 -07:00
Todd C. Miller
bd4e8bc699 Remove options from the leak list before freeing them. 
Should fix oss-fuzz issue #30236
 2021-02-03 07:52:38 -07:00
Todd C. Miller
d2901f4121 Add fuzzer for legacy I/O log info file. 2021-02-03 07:41:20 -07:00
Todd C. Miller
29f5f3c53e Fix uninstall target; there were missing line continuation chars. 
GitHub issue #87
 2021-02-03 07:35:33 -07:00
Todd C. Miller
aaa2e8ddec Don't close fp in sudoers_parse_ldif() 
The caller should be the one to handle this.
 2021-02-02 15:06:38 -07:00
Todd C. Miller
68939adee2 Update ignore files. 2021-02-02 14:40:47 -07:00
Todd C. Miller
bdb02b1eff Got back to calling alias_free() on alias_add() failure. 
We now need to remove the name and members from the leak list
*before* calling alias_add() since alias_add() will consume them
for both success and failure.
 2021-02-02 14:40:37 -07:00
Todd C. Miller
8f2254594f close sudoersin, not fp, and reset it to be safe 2021-02-02 14:12:43 -07:00
Todd C. Miller
20b3904f4f Add missing fclose(3) of fmemopen(3) stream; it does not modify the data. 2021-02-02 13:58:31 -07:00
Todd C. Miller
2fd4a2ad71 Check for unexpected value after checking the name, not before. 2021-02-02 13:32:29 -07:00
Todd C. Miller
71997da168 Fix potential leak of evlog->runuser. 
Also warn if we find an unexpected JSON type.
 2021-02-02 10:27:27 -07:00
Todd C. Miller
eec4f42366 Allow getprogname() to succeed as long as __progname is present. 
Also simplify the progname code so we only need a single implementation.
 2021-02-02 11:20:53 -07:00
Todd C. Miller
0d34fa4285 Parse into a local parse_tree and add missing cleanup. 
Since parsed_policy is for the sudoers parser we should declare our own.
 2021-02-01 21:04:49 -07:00
Todd C. Miller
d3735b98e9 Call init_parser() after parsing to clean up completely. 2021-02-01 20:37:59 -07:00
Todd C. Miller
f30670a42f Plug a few more parser leaks. 2021-02-01 19:56:52 -07:00
Todd C. Miller
f59a8f3035 Make parser_leak_remove(type, NULL) a no-op. 2021-02-01 18:23:55 -07:00
Todd C. Miller
1e3cecc608 Add initial fuzzers to be used by oss-fuzz. 
These are not yet hooked up to the sudo build.
 2021-02-01 15:17:57 -07:00
Todd C. Miller
568931035d Move new_member_all to ldap_util.c, it is only used by ldap/sssd. 2021-01-31 05:44:40 -07:00